{"id":24322,"date":"2024-04-15T19:10:52","date_gmt":"2024-04-16T03:10:52","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/04\/15\/news-18052\/"},"modified":"2024-04-15T19:10:52","modified_gmt":"2024-04-16T03:10:52","slug":"news-18052","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2024\/04\/15\/news-18052\/","title":{"rendered":"Microsoft\u2019s April 2024 Patch Tuesday includes two actively exploited zero-day vulnerabilities"},"content":{"rendered":"\n<p>The <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/releaseNote\/2024-Apr\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">April 2024 Patch Tuesday update<\/a> includes patches for 149 Microsoft vulnerabilities and republishes 6 non-Microsoft CVEs. Three of those 149 vulnerabilities are listed as critical, and Microsoft lists one as actively exploited. Another vulnerability is claimed to be a zero-day by researchers who found it being used in the wild.<\/p>\n<p>Let\u2019s first have a look at the two zero-days. The Common Vulnerabilities and Exposures (CVE) database lists publicly disclosed computer security flaws. The CVEs for these two vulnerabilities are:<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-26234\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-26234<\/a> (<a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2020\/05\/how-cvss-works-characterizing-and-scoring-vulnerabilities\">CVSS<\/a> score 6.7 out of 10): a proxy driver spoofing vulnerability that Microsoft listed as \u201cExploitation detected\u201d hours after it initially listed it as non-exploited.<\/p>\n<p>In fact, the patch is a revocation of a Microsoft Windows Hardware Compatibility Publisher signature that was used to sign a file which contained a backdoor using an embedded proxy server to monitor and intercept network traffic on an infected Windows machine. 
Apparently, the software, designed to remote-control phones, was used to make them act like online bots, collectively liking posts, following people on social media, and posting comments.<\/p>\n<p><a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2024-29988\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">CVE-2024-29988<\/a> (CVSS score 8.8 out of 10): a SmartScreen prompt security feature bypass vulnerability. Microsoft still has this listed as \u201cExploitation More Likely\u201d and acknowledges the fact that functional exploit code is available, which means that the exploit code works in most situations where the vulnerability exists.<\/p>\n<p>One reason for the contradiction could be that the exploitation requires some form of user interaction. It requires an attacker to get the victim to click on a link or open a file. If the victim falls for that, the bug allows the attacker to bypass the SmartScreen security feature in Windows that&#8217;s supposed to alert users to any untrusted websites or other threats.<\/p>\n<p>Researchers said that attackers are using the weakness to send targets exploits in a zipped file which bypasses the Mark of the Web (MotW) warnings, a warning message users should see when trying to open a file downloaded from the internet.<\/p>\n<p>A few applications that deserve some of your attention if you\u2019re using them are SQL Server (38 vulnerabilities) and Windows Remote Access Connection Manager (9).<\/p>\n<h3 class=\"wp-block-heading\" id=\"h-other-vendors\">Other vendors<\/h3>\n<p>Other vendors have synchronized their periodic updates with Microsoft. 
Here are a few major ones that you may find in your environment.<\/p>\n<p>The&nbsp;<strong>Android<\/strong>&nbsp;Security Bulletin for April 2024 contains details of&nbsp;<a href=\"https:\/\/source.android.com\/docs\/security\/bulletin\/2024-04-01\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">security vulnerabilities<\/a>&nbsp;for patch level 2024-04-05 or later.<\/p>\n<p>Google also <a href=\"https:\/\/chromereleases.googleblog.com\/2024\/04\/stable-channel-update-for-desktop.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">updated<\/a> <strong>Chrome<\/strong> to patch a zero-day vulnerability.<\/p>\n<p><strong>SAP<\/strong>&nbsp;has released its&nbsp;<a href=\"https:\/\/support.sap.com\/en\/my-support\/knowledge-base\/security-notes-news\/february-2024.html\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">April 2024 Patch Day<\/a>&nbsp;updates.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/04\/microsofts-april-2024-patch-tuesday-includes-two-actively-exploited-zero-day-vulnerabilities\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Microsoft has fixed 149 vulnerabilities, two of which are reportedly being exploited in the wild. 
<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[22783,32],"class_list":["post-24322","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-exploits-and-vulnerabilities","tag-news"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24322","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24322"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24322\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24322"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24322"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24322"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}